Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.
Course Of The Month
6 days, 9 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
How to Remove TR/Dropper.Gen Virus
Posted on 2013-01-03
Hello,
I realised that my file server shares have all vanished. Checks revealled that the folders have become hidden and read-only and replacemenent exe's with the same name as the folders are not available instead.
My read around indicates this is Dropper virus or trojan. My antivirus program, Avira, could not detect this virus.
I would like a step by step manual way of removing this virus and restoring the files and folders on my server to their original status.
I realised that my file server shares have all vanished. Checks revealled that the folders have become hidden and read-only and replacemenent exe's with the same name as the folders are not available instead.
My read around indicates this is Dropper virus or trojan. My antivirus program, Avira, could not detect this virus.
I would like a step by step manual way of removing this virus and restoring the files and folders on my server to their original status.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2
- +1
5 Comments
Active 2 days ago
Please check this link, edit registry at your own risk .
http://www.ehow.com/how_7308616_remove-tr_dropper-virus.html
http://www.ehow.com/how_7308616_remove-tr_dropper-virus.html
Hm, intresting. Maybe it's new modification. http://www.avira.com/en/support-threats-description/tid/3647/tr_dropper.gen.html Is your avira updated?
Try this cleaner. Doesn'r required install http://www.freedrweb.com/download+cureit/
Try this cleaner. Doesn'r required install http://www.freedrweb.com/download+cureit/
Active 6 days ago
@it_gsr,
I would advice you to scan the system with MalwareBytes and post the logs for further assistance on this issue. Make sure that you should run RogueKiller before you run MalwareBytes.
Further you should also check the User's systems which are connected to those shares, since those system would be infected as well.
Scan the system with the tools mentioned below and in the sequence they are mentioned and post the logs
Make sure you DO NOT REBOOT the system after running tools in point 1 & 2.
1. RogueKiller/TheKiller
2. MalwareBytes
3. TDSSKIller
I would also recommend you to go through the articles from Younghv and RPG for the links of the tools and for the future reference
Basic Malware Troubleshooting
http://www.experts-exchange.com/A_1940.html
Rogue-Killer-What-a-great-
http://www.experts-exchange.com/A_4922.html
Stop-the-Bleeding-First-Ai
http://www.experts-exchange.com/A_5124.html
Run MalwareBytes in Quick Mode and if that required reboot, then reboot the system and run tools mentioned in point 1 and 2 but this time run MalwareBytes in Full Systen Scan.
So in your next reply post the RogueKiller logs, MBAM logs and TDSSKIller Logs
Sudeep
I would advice you to scan the system with MalwareBytes and post the logs for further assistance on this issue. Make sure that you should run RogueKiller before you run MalwareBytes.
Further you should also check the User's systems which are connected to those shares, since those system would be infected as well.
Scan the system with the tools mentioned below and in the sequence they are mentioned and post the logs
Make sure you DO NOT REBOOT the system after running tools in point 1 & 2.
1. RogueKiller/TheKiller
2. MalwareBytes
3. TDSSKIller
I would also recommend you to go through the articles from Younghv and RPG for the links of the tools and for the future reference
Basic Malware Troubleshooting
http://www.experts-exchange.com/A_1940.html
Rogue-Killer-What-a-great-
http://www.experts-exchange.com/A_4922.html
Stop-the-Bleeding-First-Ai
http://www.experts-exchange.com/A_5124.html
Run MalwareBytes in Quick Mode and if that required reboot, then reboot the system and run tools mentioned in point 1 and 2 but this time run MalwareBytes in Full Systen Scan.
So in your next reply post the RogueKiller logs, MBAM logs and TDSSKIller Logs
Sudeep
Sudeep
Followed the instructions and these are the logs.
I am yet to run step 3.
I notice that not long after the foldes are unidden by Roguekiller, the problem resurfaces. I assume it could be a user re-infecting the system.
Any way I can prevent reinfections?
RKreport-2--SC-01042013-02d0847.txt
mbam-log-2013-01-04--09-13-06-.txt
RKreport-1--S-01042013-02d0825.txt
Followed the instructions and these are the logs.
I am yet to run step 3.
I notice that not long after the foldes are unidden by Roguekiller, the problem resurfaces. I assume it could be a user re-infecting the system.
Any way I can prevent reinfections?
RKreport-2--SC-01042013-02d0847.txt
mbam-log-2013-01-04--09-13-06-.txt
RKreport-1--S-01042013-02d0825.txt
Active 2 days ago
Get a descent antivirus or internet security, I'm using Kaspersky Internet security and haven't had any virus at all even though I visit some infected sites intentionally but Kaspersky even checks the website that you visit for infection. and also downloads even if they are compressed in ZIP format.
Also you may want to set your server behind a strict firewall like Cisco, SonicWALL for hardware or pfsense, untangle iptable for Software firewalls.
I'm using pfsense over 25 servers with IP blocker for spammers and Snort for network intrusion detection.
If you just have one server then you can set it for both your server and clients as well.
Also you may want to set your server behind a strict firewall like Cisco, SonicWALL for hardware or pfsense, untangle iptable for Software firewalls.
I'm using pfsense over 25 servers with IP blocker for spammers and Snort for network intrusion detection.
If you just have one server then you can set it for both your server and clients as well.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Malware seems to be getting smarter and smarter. If you are having trouble being able to launch your malware removal tools such as (and recommended): MalwareBytes, HiJackThis, ComboFix, etc. you can try some of the workarounds listed below.
1. Ma…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP, Windows Server…
- Ransomware
- Experts Exchange
- Windows XP
- Windows OS
- Windows Server 2008
- Windows Server 2003, Security
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
- Anti-Virus Apps
- Ransomware
- The Email Laundry
- Email Servers
- Cybersecurity
- Microsoft Access, *malware
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email
Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses
Course of the Month6 days, 9 hours left to enroll
724 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.